svn path=/trunk/packages/sipb-xen-remctl-auto/sipb-xen-remctl-auto/; revision=32
--- /dev/null
+sipb-xen-remctl-auto (1.0) unstable; urgency=low
+
+ * Initial release.
+
+ -- Tim Abbott <tabbott@mit.edu> Sun, 15 Jul 2007 19:37:05 -0400
--- /dev/null
+Source: sipb-xen-remctl-auto
+Section: net
+Priority: extra
+Maintainer: SIPB Xen Project <sipb-xen@mit.edu>
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0)
+Standards-Version: 3.7.2
+
+Package: sipb-xen-remctl-auto
+Architecture: all
+Depends: ${misc:Depends}, remctl-server
+Description: Installs the SIPB Xen automatic remctl management system
+ This is our automatic remctl configuration management system.
--- /dev/null
+Source: sipb-xen-remctl-auto
+Section: net
+Priority: extra
+Maintainer: SIPB Xen Project <sipb-xen@mit.edu>
+Build-Depends: @cdbs@
+Standards-Version: 3.7.2
+
+Package: sipb-xen-remctl-auto
+Architecture: all
+Depends: ${misc:Depends}, remctl-server
+Description: Installs the SIPB Xen automatic remctl management system
+ This is our automatic remctl configuration management system.
--- /dev/null
+This package was created for internal use of the SIPB Xen Project of
+the MIT Student Information Processing Board. Ask tabbott@mit.edu if
+you have questions about redistribution.
--- /dev/null
+#!/usr/bin/make -f
+
+DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
+include /usr/share/cdbs/1/rules/debhelper.mk
--- /dev/null
+# /etc/cron.d/sipb-xen-remctl-auto: crontab entries for the sipb-xen-remctl-auto package
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root
+
+@reboot root if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then nice -n10 /etc/remctl/sipb-xen-auto/remctl-update.sh all; fi
+* * * * */15 root if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then nice -n10 /etc/remctl/sipb-xen-auto/remctl-update.sh all; fi
+
+# EOF
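Review bot: The second entry's schedule, `* * * * */15`, puts the step in the day-of-week field, so the job runs every minute on the one weekday that matches (in practice Sunday) rather than every 15 minutes as the README describes. Moving the step to the minute field gives the intended cadence: the time fields become `*/15 * * * *`, followed by the same `root if [ -x ... ]` command. As written, the Moira-derived ACL files are not refreshed on the other six days unless someone triggers the update by hand, so a membership removal keeps its access until the next Sunday run.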
--- /dev/null
+include /etc/remctl/sipb-xen-auto/machine.d
+remctl-auto-update all /etc/remctl/sipb-xen-auto/remctl-update.sh ANYUSER
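Review bot: `ANYUSER` on the `remctl-auto-update all` line lets every authenticated principal start a full regeneration of the machine definitions and the Moira-derived ACL files. The README treats this as a minor DoS, but the same script is also run from cron and nothing visible in this commit serializes runs, so overlapping invocations should be ruled out before this is left open. Consider pointing the entry at an ACL file instead, e.g. `remctl-auto-update all /etc/remctl/sipb-xen-auto/remctl-update.sh <ADMIN_ACL_FILE>` (placeholder path), listing the web interface principal and the admins.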
--- /dev/null
+This is Tim Abbott's initial draft at our automatic remctl
+configuration.
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh is the magic script. Run
+it with "all" as an argument, and it will update everything.
+
+The inputs to this system are as follows:
+
+/etc/remctl/sipb-xen-auto/acl/MACHINENAME
+
+ This directory contains files named MACHINENAME for each machine.
+These ACL files specify who is allowed to administer the machine. You
+can use entries that are Kerberos principles, or entries of the form
+
+include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen
+
+to include AFS groups in ACLs. To add a new machine to the system,
+you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME
+and then run
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+Everything else is autogenerated from that information.
+
+
+Other files of interest:
+
+/etc/remctl/sipb-xen-auto/auto-machine-list
+
+ The list of machines that should have their remctl configuration
+files generated from the template. This is generated from
+listing /etc/remctl/sipb-xen-auto/acl/*.
+
+/etc/remctl/sipb-xen-auto/auto-moira-list
+
+ The list of Athena AFS groups from which acl files should be
+generated. The ACL files are placed in
+/etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME. Ths list
+is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/.
+
+
+This package also includes a crontab to run
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+every 15 minutes or so to keep our Moira mapping up to date. One can
+request an update of our Moira mapping for group X by running
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh moiragroup X
+
+The web interface should probably run this when it adds a group. We
+may want to make this also available to users, but I've been lame.
+
+This package includes a remctl interface available to anyone to invoke
+the command:
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+using the following command from your favorite machine with remctl:
+
+remctl black-mesa.mit.edu remctl-auto-update all
+
+It requires no special permission to run; there is a potential DOS
+issue here, but I don't think it is serious.
+
+Thought should be put into how to ensure that the servers stay in sync.
--- /dev/null
+dispatch.sh
\ No newline at end of file
--- /dev/null
+dispatch.sh
\ No newline at end of file
--- /dev/null
+dispatch.sh
\ No newline at end of file
--- /dev/null
+dispatch.sh
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+# dispatch-ACTION.sh MACHINE
+#
+# remctl should have already verified that the user is authorized to
+# control the machine. So, we just need to execute the action requested.
+#
+# $0 and $1 come from the trusted remctl source.
+#
+# $2 and so on are user-provided, and thus sketchy. I don't think we
+# need them for this script.
+
+ACTION=$(echo $0 | awk -F'.' '{print $2}')
+MACHINE=$1
+echo $ACTION
+
+case "$ACTION" in
+ reboot|list|vcpu-list|destroy|create|uptime)
+ xm $ACTION $MACHINE
+ exit 0
+ ;;
+ *)
+ echo "ERROR: Invalid Command"
+ exit 1
+ ;;
+esac
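Review bot: The allowed-action branch ends with an unconditional `exit 0`, so a failed `xm` call is reported to the remctl client as success; replace the pair with `xm "$ACTION" "$MACHINE"` followed by `exit $?`. Quoting both expansions also keeps a machine name containing whitespace or glob characters from being split into extra `xm` arguments. The action is taken from the second `.`-separated field of the whole `$0` path, so a dot in any directory component would shift it. Stripping the directory first, e.g. `ACTION=$(basename "$0" | awk -F'.' '{print $2}')`, makes the allow-list check depend only on the symlink name. The bare `echo $ACTION` before the `case` looks like leftover debugging and ends up in every client's output.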
--- /dev/null
+dispatch.sh
\ No newline at end of file
--- /dev/null
+dispatch.sh
\ No newline at end of file
--- /dev/null
+create #MACHINENAME# #BINDIR#/dispatch.create.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+reboot #MACHINENAME# #BINDIR#/dispatch.reboot.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+destroy #MACHINENAME# #BINDIR#/dispatch.destroy.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+list #MACHINENAME# #BINDIR#/dispatch.list.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+vcpu-list #MACHINENAME# #BINDIR#/dispatch.vcpu-list.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+uptime #MACHINENAME# #BINDIR#/dispatch.uptime.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
--- /dev/null
+#!/bin/sh
+DIR=/etc/remctl/sipb-xen-auto
+TEMPLATE=$DIR/conf.template
+MACHINEDIR=$DIR/machine.d
+MOIRADIR=$DIR/moira-acl
+MOIRATMP=$DIR/moira-tmp
+MACHINETMP=$DIR/machine-list-tmp
+AUTOMACHINELIST=$DIR/auto-machine-list
+AUTOMOIRALIST=$DIR/auto-moira-list
+BINDIR=$DIR/bin
+ACLDIR=$DIR/acl
+
+update_machine()
+{
+ machine=$1
+ sed "s/#MACHINENAME#/$machine/g" $TEMPLATE | \
+ sed "s,#BINDIR#,$BINDIR,g" >| $MACHINETMP
+ if ! cmp -s $MACHINEDIR/$machine $MACHINETMP; then
+ mv $MACHINETMP $MACHINEDIR/$machine
+ else
+ rm -f $MACHINETMP
+ fi
+}
+
+update_moiragroup()
+{
+ group=$1
+ # Should perhaps replace with LDAP, but fine for now.
+
+ # We should do more careful error checking so we don't take away
+ # all bits and delete the moira-acl files whenever there's an AFS
+ # outage.
+ pts membership system:$group -noauth | tail -n+2 | \
+ sed 's/\./\//' | \
+ sed 's/^ //' | \
+ sed 's/$/@ATHENA.MIT.EDU/g' >| $MOIRATMP
+ if test -s $MOIRATMP; then
+ if ! cmp -s $MOIRADIR/$group $MOIRATMP; then
+ mv $MOIRATMP $MOIRADIR/$group
+ fi
+ else
+ if test -e $MOIRADIR/$group; then
+ rm $MOIRADIR/$group
+ fi
+ fi
+ rm -f $MOIRATMP
+}
+
+case "$1" in
+ moiragroup)
+ update_moiragroup "$2"
+ ;;
+
+ all_machines)
+ # update the remctl.conf definitions
+ for machine in `cat $AUTOMACHINELIST`; do
+ update_machine $machine
+ done
+ ;;
+ all_moira)
+ # update our moira ACL lists
+ for group in `cat $AUTOMOIRALIST`; do
+ update_moiragroup $group
+ done
+ ;;
+ auto_machine_list)
+ # update the list of maintained machines
+ /bin/ls $ACLDIR >| $AUTOMACHINELIST
+ ;;
+ auto_moira_list)
+ # update the moira list-of-lists
+ # /bin/ls $MOIRADIR >| $AUTOMOIRALIST # BAD IDEA in case of outage
+
+ # This extracts the list of all moira lists we care about, and updates those.
+ grep -R moira $ACLDIR/ /etc/remctl/acl/ | perl -pe 's/.*moira-acl\/(.*)/$1/g' >| $AUTOMOIRALIST
+ ;;
+ all)
+ "$0" auto_machine_list
+ "$0" all_machines
+ "$0" auto_moira_list
+ "$0" all_moira
+ ;;
+esac
+
+exit 0
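Review bot: `update_moiragroup` and `update_machine` stage their output in the fixed paths `$MOIRATMP` and `$MACHINETMP`, so two overlapping runs (cron plus a remctl-triggered `all`, or two remctl calls) can move one group's membership into another group's ACL file. A per-invocation `mktemp` file on the same filesystem removes that window. Separately, the `moiragroup` branch passes `$2` unquoted and unvalidated into `$MOIRADIR/$group`, which is then a target of `mv` and `rm`. Since the README anticipates the web interface (and possibly users) calling this, the name should be checked against an allow-list of characters before it reaches a path; the set in the sketch is an assumption and should be widened to whatever Moira list names actually permit. The same quoting and validation applies to `$machine`, which is interpolated straight into the `sed` expression in `update_machine`.

```shell
update_moiragroup()
{
    group=$1
    # Refuse anything that is not a plain list name before it is used in a path.
    case "$group" in
        ''|*[!A-Za-z0-9_-]*)
            echo "ERROR: invalid group name" >&2
            return 1
            ;;
    esac
    # Private temp file next to the old fixed one, so the final mv stays on one filesystem.
    tmp=$(mktemp "$MOIRATMP.XXXXXX") || return 1
    # … unchanged: pts membership | tail | sed pipeline, now redirected to "$tmp" …
    # … unchanged: test -s / cmp / mv / rm logic, using "$tmp" and "$MOIRADIR/$group" quoted …
    rm -f "$tmp"
}
```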